<?php include('header.php'); ?>

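<?php
// Search form: rendered only when neither the search nor the edit form has just
// been submitted. The search is read-only, so it carries no CSRF token.
// The closing brace below uses the full "php" open tag: the original closed
// this block with PHP's short open tag, which is a parse error (and leaks the
// rest of the file as plain text) on servers where short_open_tag is disabled.
if(!isset($_POST['do_edit']) && !isset($_POST['edit_user'])) { ?>

<h2>Edit User</h2>

<form action="" method="post">

	<label>Username / Fname / Lname</label>
    <input type="text" id="username" name="username" alt="Search Criteria" onkeyup="searchSuggest();" autocomplete="off" />
	<div id="search_suggest"></div>
	<input type="submit" class="suggest_button" value="Search" name="edit_user" /> <!-- Hidden Search Button (for Prettyness) -->

</form>

<?php }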

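if(isset($_POST['edit_user'])) {
	// Search handler: looks users up by username / first name / last name prefix.
	// Exactly one hit redirects straight to that user's edit form; otherwise the
	// first ten hits are listed.
	// NOTE(review): no access-control check is visible in this file -- confirm that
	// header.php enforces an admin login before this page runs.
	connectlogin();
	$search_q = isset($_POST['username']) ? $_POST['username'] : '';

	// Validate BEFORE querying. The original ran the query first, so an empty or
	// one-character term still hit the table (LIKE '%' matches every row) and the
	// "at least 3 characters" rule only applied when it did not happen to match
	// exactly one user.
	if(strlen($search_q) <= 2) { // Require at least 3 characters.

		$s_error = '<div class="error_message">Attention! Please be more specific in your search, at least 3 characters.</div>';
		echo $s_error;

	} else {

		// $search_q comes straight from the POST body. The original interpolated it
		// raw into the SQL string (SQL injection). Escape the LIKE wildcards first
		// (so a literal % or _ in the term is not a wildcard), then escape for the
		// SQL string literal -- in that order, because mysql_real_escape_string()
		// also doubles the backslashes that addcslashes() inserts.
		$like_q = mysql_real_escape_string(addcslashes($search_q, '%_'));

		$sql = "SELECT * FROM account_data WHERE name LIKE '" . $like_q . "%' or fname LIKE '" . $like_q . "%' or lname LIKE '" . $like_q . "%' ORDER BY name LIMIT 0, 10";
		$result = mysql_query($sql);

		if($result === false) {
			// Log the driver error server-side; never echo mysql_error() to the
			// browser, it reveals query and schema details.
			error_log('user_edit search failed: ' . mysql_error());
			echo '<div class="error_message">Attention! The search could not be run, please try again.</div>';
		} else {

			$count = mysql_num_rows($result);

			if($count == 1) { // Only 1 search result found, direct straight to edit page.

				$row = mysql_fetch_array($result);
				$user_id = $row['id'];
				redirect('user_edit.php?uid='. $user_id);

			} else {

				// The echoed search term is attacker-controlled text in an HTML context.
				$safe_q = htmlspecialchars($search_q, ENT_QUOTES, 'UTF-8');

				echo "<h2>Top 10 Search Results</h2>";

				echo "<p>You have searched for <b>$safe_q</b>, found <b>$count</b> results that match this criteria.</p>";

				echo "<ul class='column_result'>";

				echo '<li><span class="result_column" style="width: 15%;">Username</span><span class="result_column" style="width: 25%;">Real Name</span><span class="result_column" style="width: 35%;">E-Mail Address</span><span class="result_column">Registered Date</span></li>';

				// Initialised before the loop: the original only reset it at the end of
				// each iteration, so a non-admin first row read an undefined variable.
				$is_admin = "";

				while($row = mysql_fetch_array($result)) {
					// Column names follow the rest of this file (id / name / access_level,
					// as read by the edit form and written by the UPDATE below). The
					// original read user_id / username / user_level here, which the same
					// SELECT * would leave unset unless both spellings exist in
					// account_data -- verify against the schema.
					if($row['access_level'] >= 1) { $is_admin = " <span style='color: #08c;'>*</span>"; }

					$timestamp = strtotime($row['timestamp']);
					$reg_date = date('d M y @ H:i' ,$timestamp);

					// Every DB-sourced field is escaped for its context: names and e-mail
					// addresses are user-supplied at registration, so echoing them raw is
					// a stored-XSS sink. urlencode() output contains no HTML-special
					// characters, so it is safe inside the href attribute as well.
					$uid   = urlencode($row['id']);
					$name  = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
					$real  = htmlspecialchars($row['fname'].' '.$row['lname'], ENT_QUOTES, 'UTF-8');
					$email = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');

					echo '<li><a href="?uid='.$uid.'"><span class="result_column" style="width: 15%;">'.$name.$is_admin.'</span><span class="result_column" style="width: 25%;">'.$real.'</span><span class="result_column" style="width: 35%;">'.$email.'</span><span class="result_column">'.$reg_date.'</span></a></li>';

					// Clear the variable
					$is_admin = "";
				}

				echo "</ul>";

			}
		}
	}
}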


// Has the edit form been submitted?

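if(isset($_POST['do_edit'])) {
	// Edit-form handler: deletes the user when the "delete" box was ticked,
	// otherwise validates the submitted fields and updates the row (the password
	// column is only touched when a new password was entered).
	//
	// NOTE(review): the form carries no CSRF token and no access-control check is
	// visible in this file. As written, any site an admin visits can make the
	// admin's browser submit this form (change a level, delete a user). Confirm
	// header.php enforces an admin session, and add a per-session token to the
	// form that is checked here before any write.

	// The other two handlers in this file call connectlogin() before touching
	// MySQL; this one did not, yet mysql_real_escape_string() needs an open link
	// (it returns false without one). Harmless if header.php already connected
	// -- TODO confirm.
	connectlogin();

	// The original never initialised $error, so the "$error == ''" checks below
	// compared against null.
	$error = '';

	// Raw copies are kept for display; the mysql_* escaping protects the SQL
	// string only and would show backslashes (O\'Brien) if echoed.
	$raw_id    = isset($_POST['user_id'])    ? $_POST['user_id']    : '';
	$raw_fname = isset($_POST['fname'])      ? $_POST['fname']      : '';
	$raw_lname = isset($_POST['lname'])      ? $_POST['lname']      : '';
	$raw_email = isset($_POST['email'])      ? $_POST['email']      : '';
	$raw_level = isset($_POST['user_level']) ? $_POST['user_level'] : '';
	$raw_restr = isset($_POST['restrict'])   ? $_POST['restrict']   : '';

	$id        = mysql_real_escape_string($raw_id);
	$fname     = mysql_real_escape_string($raw_fname);
	$lname     = mysql_real_escape_string($raw_lname);
	$email     = mysql_real_escape_string($raw_email);
	$password  = mysql_real_escape_string(isset($_POST['password']) ? $_POST['password'] : '');
	$password2 = mysql_real_escape_string(isset($_POST['confirm'])  ? $_POST['confirm']  : '');
	$level     = mysql_real_escape_string($raw_level);
	$restrict  = mysql_real_escape_string($raw_restr);

	// The checkbox is absent from the POST body when unticked (undefined index
	// notice in the original).
	$delete = isset($_POST['delete']) ? mysql_real_escape_string($_POST['delete']) : '';

	// HTML-escaped copies for everything echoed back to the page (otherwise a
	// reflected-XSS sink for whoever can get this form submitted).
	$h_id   = htmlspecialchars($raw_id, ENT_QUOTES, 'UTF-8');
	$h_name = htmlspecialchars($raw_fname . ' ' . $raw_lname, ENT_QUOTES, 'UTF-8');

	// Ticked the 'delete user' box? If so, delete and echo message.
	if($delete == 'delete_uid') {

		if(trim($id) == '1') {
			// Same guard the edit path applies to the main Administrator (id 1);
			// the original let that account be deleted outright.
			echo '<div class="error_message">Attention! You cannot delete the main Administrator, use database.</div>';
		} else {
			$sql = "DELETE FROM account_data WHERE id='$id'";
			// Driver errors go to the server log, not the browser.
			$query = mysql_query($sql) or die(user_edit_db_fail());

			echo "<h3>Deleted</h3>";
			echo "<div class='success_message'>User <b>$h_name</b> has been removed from the database.</div>";

			echo "<h2>What to do now?</h2><br />";
			echo "Go to the <a href='user_edit.php'>edit users</a> page.</li>";
		}

	} else {

	// Validate the submitted information

		if(trim($id) == '1') {
			$error = '<div class="error_message">Attention! You cannot edit the main Administrator, use database.</div>';
		} else if(trim($fname) == '') {
			$error = '<div class="error_message">Attention! You must enter a first name.</div>';
		} else if(trim($lname) == '') {
			$error = '<div class="error_message">Attention! You must enter a last name.</div>';
		} else if(!isEmail($email)) {
			$error = '<div class="error_message">Attention! You have entered an invalid e-mail address, try again.</div>';
		} else if(trim($level) == '') {
			$error = '<div class="error_message">Attention! No user level has been selected.</div>';
		} else if(!ctype_digit(trim($level))) {
			// The form only offers numeric levels; the original accepted any string
			// here and wrote it straight into access_level.
			$error = '<div class="error_message">Attention! The user level must be a number.</div>';
		} else if(!ctype_digit(trim($restrict))) {
			// Likewise membership: the form offers 0 / 1 and the edit form treats any
			// non-zero value as "Restricted", so a numeric check is the safe minimum.
			$error = '<div class="error_message">Attention! The user access value is invalid.</div>';
		}

	// Password been entered? If so, validate it as well.
	// NOTE(review): a 5-character minimum is very weak for an account that can
	// reach this admin page; consider a longer minimum.

		if($password != '') {
			if($password != $password2) {
				$error = '<div class="error_message">Attention! Your passwords did not match.</div>';
			} else if(strlen($password) < 5) {
				$error = '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
			}
		}

		if($error == '') {

			if($password != '') {
				// cryptPassword() is a MySQL-side function, so the plaintext password
				// travels inside the SQL text (and into the query log). Its strength
				// depends on that function -- TODO confirm; hashing in PHP with
				// password_hash() before the query would avoid both concerns.
				$sql = "UPDATE account_data SET membership='$restrict', fname='$fname', lname='$lname', email='$email', access_level='$level', password = cryptPassword('$password') WHERE id = '$id'";
				$done = "User information (and password) updated for User ID <b>$h_id ($h_name)</b>.";
			} else {
				// Password has not been entered: don't touch the password column.
				$sql = "UPDATE account_data SET membership='$restrict', fname='$fname', lname='$lname', email='$email', access_level='$level' WHERE id = '$id'";
				$done = "User information updated for <b>$h_name</b>.";
			}

			$query = mysql_query($sql) or die(user_edit_db_fail());

			echo "<h2>Updated</h2>";
			echo "<div class='success_message'>$done</div>";

			echo "<h2>What to do now?</h2><br />";
			echo "Go to the <a href='user_edit.php'>edit users</a> page.</li>";

		} else {
			// The original only echoed $error on the password branch; validation
			// failures without a password were swallowed silently.
			echo $error;
		}

	}
}

// Logs the MySQL error server-side and returns the generic text shown to the
// browser; the original died with mysql_error() in the response body.
function user_edit_db_fail() {
	error_log('user_edit write failed: ' . mysql_error());
	return "Fatal error: the database update could not be completed.";
}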

// Has a user been selected to edit?

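// Edit form for one user. isset() first avoids the undefined-index notice the
// original raised on every request without ?uid=; the truthiness test after it
// keeps the original's behaviour for uid=0 / empty.
if(isset($_GET['uid']) && $_GET['uid'] && !isset($_POST['do_edit']) && !isset($_POST['edit_user'])) {
	connectlogin();

	// The uid comes from the query string; the original dropped it into the SQL
	// string raw (SQL injection, reachable by anyone who can load this page).
	$user_id = mysql_real_escape_string($_GET['uid']);

	$sql = "SELECT * FROM account_data WHERE id='$user_id'";
	$result = mysql_query($sql);
	$row = ($result !== false) ? mysql_fetch_array($result) : false;

	if($row === false) {
		// Unknown id or failed query: the original fell through with $row === false
		// and rendered a form of empty fields and notices.
		echo '<div class="error_message">Attention! No user with that ID was found.</div>';
	} else {

	$user_level = $row['access_level'];
	$restricted = $row['membership'];

	// Every value rendered below is HTML-escaped: these columns are user-supplied
	// at registration, so echoing them raw into attributes is a stored-XSS sink.
	// stripslashes() is kept because the original used it (suggests rows may hold
	// magic-quotes-era escaped text -- TODO confirm).
	$h_name   = htmlspecialchars(stripslashes($row['name']),  ENT_QUOTES, 'UTF-8');
	$h_id     = htmlspecialchars($row['id'],                   ENT_QUOTES, 'UTF-8');
	$h_fname  = htmlspecialchars(stripslashes($row['fname']), ENT_QUOTES, 'UTF-8');
	$h_lname  = htmlspecialchars(stripslashes($row['lname']), ENT_QUOTES, 'UTF-8');
	$h_email  = htmlspecialchars(stripslashes($row['email']), ENT_QUOTES, 'UTF-8');
	$h_level  = htmlspecialchars(stripslashes($row['access_level']), ENT_QUOTES, 'UTF-8');
	$h_ulevel = htmlspecialchars($user_level, ENT_QUOTES, 'UTF-8');

	echo "<h2>User Information ( ".$h_name." )</h2>";

	// NOTE(review): this form has no CSRF token; the handler above writes on any
	// POST carrying do_edit. A hidden per-session token belongs here.
?>

<form action="" method="post">
<input type="hidden" name="user_id" value="<?php echo $h_id; ?>" />

<label>First / Last Name</label>
<input type="text" name="fname" value="<?php echo $h_fname; ?>" style="width: 46%;" />&nbsp;<input type="text" name="lname" value="<?php echo $h_lname; ?>" style="width: 46%;" /><br />

<label>E-Mail</label>
<input type="text" name="email" value="<?php echo $h_email; ?>" /><br />

<label>Password (Blank to not edit)</label>
<input type="password" name="password" value="" /><br />

<label>Confirm</label>
<input type="password" name="confirm" value="" /><br />

<label style="width: 50%;">User Level</label>
<select name="user_level">
<option selected value="<?php echo $h_level; ?>"><?php echo $h_ulevel; ?></option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
</select>

<label style="width: 50%;">User Access</label>
<select name="restrict">
<?php if($restricted != 0) { ?>
<option selected value="1">Restricted</option>
<option value="0">Default</option>
<?php } else { ?>
<option selected value="0">Default</option>
<option value="1">Restricted</option>
<?php } ?>
</select>

<br /><br />
<div class="error_message">Delete this user? (Cannot be undone!) <input type="checkbox" class="checkbox" name="delete" value="delete_uid"></div>
<input type="submit" value="Confirm" name="do_edit" />
</form>

<?php } } include('../themes/footer.php'); ?>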